On Fri, Nov 26, 2010 at 7:11 PM, Robert Haas <robertmhaas@gmail.com> wrote:
> I'm not totally convinced that this is the correct behavior. It seems
> a bit surprising that UPDATE privilege on a single column is enough to
> lock out all SELECT activity from the table. It's actually a bit
> surprising that even full-table UPDATE privileges are enough to do
> this, but this change would allow people to block access to data they
> can neither see nor modify. That seems counterintuitive, if not a
> security hole.
The way I see it, it's a Good Thing to encourage people to assign
UPDATE privileges on tables only as minimally as possible. The damage
that a poorly coded or malicious user can do with LOCK TABLE
privileges is insignificant next to the damage they can do with more
UPDATE privileges than they really need.
Right now, we're basically encouraging admins to grant full-table
update privileges when that's not really necessary.
If, in the future, Postgres supports the ability to LOCK TABLE only on
specific columns, I think we could refine this permissions check so
that column-level update privileges only allowed the user to lock
those columns. But I think this patch is a step in the right
direction.
Josh
